[issue31809] ssl module unnecessarily pins the client curve when using ECDH

2018-02-25 Thread Christian Heimes
Christian Heimes added the comment: New changeset ff7528f089b60f8372c658f3bc3b14b059114da9 by Christian Heimes (Miss Islington (bot)) in branch '3.7': [3.7] bpo-31809: test secp ECDH curves (GH-4036) (#5872) https://github.com/python/cpython/commit/ff7528f089b60f8372c658f3bc3b14b059114da9

2018-02-25 Thread Christian Heimes
Christian Heimes added the comment: New changeset b7b9225831a729bff84eb7c43bad138416b994fe by Christian Heimes in branch 'master': bpo-31809: test secp ECDH curves (#4036) https://github.com/python/cpython/commit/b7b9225831a729bff84eb7c43bad138416b994fe

2018-02-25 Thread miss-islington
Change by miss-islington: -- pull_requests: +5645

2017-10-25 Thread Andy
Andy added the comment: Thanks for adding the test! If the official stance is that only the latest OpenSSL is supported then this is definitely WAI. Sounds like a good policy... I'll close this issue. -- resolution: -> not a bug stage: -> resolved status: open -> closed

2017-10-18 Thread Christian Heimes
Christian Heimes added the comment: - BoringSSL is not a supported libssl/libcrypto library for Python. We only support 100% OpenSSL-compatible libraries. - OpenSSL 1.0.1 is no longer supported by upstream. Python's semi-official support policy for 1.0.1 and 0.9.8 is "use at your own risk". Yo

2017-10-18 Thread Christian Heimes
Change by Christian Heimes: -- keywords: +patch pull_requests: +4010 stage: -> patch review

2017-10-18 Thread Andy
Andy added the comment: While debugging I reproduced this on - 'OpenSSL 1.1.0f 25 May 2017' - 'OpenSSL 1.0.1f 6 Jan 2014' - and 'BoringSSL', latest. using Python 2.7.12, 2.7.13, 2.7.6 and 3.5.3. This was all on Debian. Note that since I used Python <2.7.14 (or equivalent for 3.x) for all tes

2017-10-18 Thread Christian Heimes
Christian Heimes added the comment: Which version of OpenSSL are you using? Please note that macOS' system python uses either an ancient version of OpenSSL 0.9.8 or an ancient version of LibreSSL (IIRC 2.3.x). The code in question is: if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_

2017-10-18 Thread A
New submission from A : When using elliptic curves in combination with the ssl module to wrap a socket, the only curve the client accepts is prime256v1. Expected behavior is to accept all curves that are on the default list and supported by the server. We noticed the issue when connecting to a